Dantz Retrospect Express Backup v5.5

R-E-S-P-E-C-T----Sock It To Me, Sock It To Me

Date 6/18/01
by Sojourner
Published by Tsehp
There is a crack, a crack in everything. That's how the light gets in.
( )Beginner (x)Intermediate ( )Advanced ( )Expert

This one took some decent brainpower but was well worth it if you use this sort of prog.


Alright, I'm back in the "I need to backup my junk on my computer" mode because I 
inadvertently followed some advice I had read about resetting the Master Boot Record on 
my system. Let me tell you, that is a "NO, NO" when you have anything on your harddrive.

What happens is the MBR is really reset and your system doesn't recognize your drive, 
kind of like what happened with the Chernobyl virus eating up a portion of the boot 
sector some years back. Anyway, I really did have backups made already with my handy, 
dandy Veritas Backup Exec 4.2.1, so I just reloaded them back onto my harddrive after 
doing the fdisk thing, formatting, etc. The only problem was that some of the files 
didn't copy perfectly and I got some errors. No biggy, I mean almost everything worked 
perfectly, but that's not quite good enough for my system.

With that little episode, I began to rethink my backup solutions and did a little 
research for current backup software that might be better than my tried and true 
Veritas. I could only hope. I discovered that I needed to be able to do spanning of 
media. My choice of burner was a CD-R by Plextor. Also, I needed to be able to back up 
open files. I always got error messages from Veritas telling me that such and such a 
file could not be backed up because it was in use, and blah, blah, blah. Definitely not 
what I needed to hear. So we are now at the point of jumping off. "Let's go, Indy."

Tools required

w32dasm 8.x--your choice of flavors--try to get at--www.8bn.com/hambo in the tools section

hex editor needed- UltraEdit 8.xx or whatever you want to use --try www.ultraedit.com

resource editor -- Restorator 2.5-- you really need to look for this one, or use another

Target's URL/FTP

www.dantz.com Get your free fully functional thirty-day trial of Retrospect Backup for Windows in several flavors.

Just go to this site and then download what you need. There are several versions. Be sure you have the right burner.

To Do List
What to do - Avoid the useless need for a license key


Oh boy, was this a fun lesson. Fun for me because I had to get around all this rinky-dink stuff. I discovered an important lesson here: don't be working on these things when you need them. Do it ahead of time. It saves a lot of grief. Be sure you have downloaded what you needed from Dantz. Now if you have downloaded a different product, you can follow along and probably learn something anyhow, because you know how companies and programmers are, we tend to do things the same way all the time. So do you. I am teaching you to think here. To learn general thought processes that will take you beyond Retrospect v5.5. This is just one program. My tutorials hopefully can open your mind to a higher form of learning. I want you to learn methods. In the future someone else can take you to a level far beyond me. Expect security to tighten up. Currently these lame key protected progs are mostly a bunch of crap. Read my tutorial on Construct-It, which is new here on astalavista, or my Sojorose if you can find it on Fravia's site. It is still there somewhere. I can't understand why a programmer would go to such lengths to make a killer prog only to use a piss-poor protection mechanism. It's like nobody reads the stuff we put out all over the world or they think the third-party tools from another programmer will be better. Who can say? OK, enough bitching and moaning and groaning, let's get back to work!! We have a prog to fix.

You have downloaded and installed what you needed, didn't you? Come on man, get real. We got work to do. Don't hold up our progress!! You must provide Dantz with a real email so they can send you a good key code. I actually got two of them. How nice. I only needed the one though and now I don't need any! Ha! You see that it is equal to nineteen characters long: xxxx-xxxx-xxxx-xxxx. It is alphanumeric.

You can go ahead and set your computer ahead five years like I did and run your prog. It doesn't care what the date is. BUT, set your clock back and Bingo, you get timed out right now. You'll get an error message telling you you need to get authorization to run the prog, but, if you set your clock back to the future, it will work just fine. This is important because you most likely will not crack this baby without doing multiple switches back and forth like I did. I actually do recommend for you to time out this little prog. Of course you can do it your way, it matters not to me. I am interested in results people, not how great I am, because I'm not. I'm just a regular guy. I hold a real job in the real world like most of you do. Have a wife, kids, all the regular kind of things. Weird, huh? Now quit distracting me and let's get back to business.

You will note immediately that the retrospect.exe is very small. Only about 112 kb. Tiny, right? Once you get in, you'll also see that it is very complex in that very tininess and it holds a lot of wonderful surprises in the deep, dark code woods. Please go ahead and disassemble the prog in w32dasm and then come back to class. Look around a bit, too, and you'll see that the prog calls several of its own .dlls, like bedrock.dll and meson.dll. These will be important to you, so I'm just letting you know.

Sorry I was gone so long, I was just piddling around back inside the meson.dll. It has some interesting references to hashing, not what you smoke, students; it's a type of algorithm for supposedly creating a unique key in one pass. It doesn't always work that way, but that's the theory. For those who are becoming keygenning specialists, this might be of interest to you.
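The clock behaviour described above (a date set backwards trips the time-out) is what a stored "last seen" high-water mark produces. The sketch below is an added example, not code from Retrospect or Dantz: the names `trial_state`, `trial_check` and `trial_days_left`, the 30-day window arithmetic and the timestamps are all assumptions made for illustration, and it does not reproduce the program's own logic.

```c
#include <stdint.h>
#include <stdio.h>

#define SECONDS_PER_DAY 0x15180   /* 60 * 60 * 24 = 86400 */
#define TRIAL_DAYS      30

typedef enum { TRIAL_OK, TRIAL_EXPIRED, TRIAL_CLOCK_ROLLBACK } trial_status;

/* Hypothetical persisted state; a real product must protect its integrity. */
typedef struct {
    int64_t first_run;   /* UTC seconds when the trial started */
    int64_t last_seen;   /* highest clock value observed so far */
} trial_state;

/* Evaluate the trial at time `now` and advance the high-water mark. */
trial_status trial_check(trial_state *st, int64_t now)
{
    if (now < st->last_seen)
        return TRIAL_CLOCK_ROLLBACK;      /* clock moved backwards: refuse */
    st->last_seen = now;
    if (now - st->first_run >= (int64_t)TRIAL_DAYS * SECONDS_PER_DAY)
        return TRIAL_EXPIRED;
    return TRIAL_OK;
}

/* Whole days left in the trial, rounded up, never negative. */
int trial_days_left(const trial_state *st, int64_t now)
{
    int64_t end = st->first_run + (int64_t)TRIAL_DAYS * SECONDS_PER_DAY;
    if (now >= end)
        return 0;
    return (int)((end - now + SECONDS_PER_DAY - 1) / SECONDS_PER_DAY);
}

int main(void)
{
    /* Constructed timestamps: trial starts 2001-06-01 00:00:00 UTC. */
    trial_state st = { 991353600, 991353600 };
    int64_t day10 = st.first_run + 10 * SECONDS_PER_DAY;
    int status = trial_check(&st, day10);
    printf("day 10: status %d, %d days left\n", status, trial_days_left(&st, day10));
    printf("back to day 5: status %d\n", trial_check(&st, st.first_run + 5 * SECONDS_PER_DAY));
    printf("day 31: status %d\n", trial_check(&st, st.first_run + 31 * SECONDS_PER_DAY));
    return 0;
}
```

A check like this is only as strong as the storage behind `trial_state`; if the state and the comparison both live on the client, the decision can be altered there, which is why licence enforcement that matters is anchored outside the machine being licensed.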

Now, since you have already got everything ready, you can go ahead and run your prog at whatever date you wish. You will need that key code the first time you run your prog or you can't play. Go ahead and enter it. "Make my day." Once inside you'll notice the slick interface and the well laid out GUI. Mostly inconsequential but part of the package. Look around a bit. It's worth your time.

I never really did try to crack the key itself. I was more interested in what brought me to my error message that dealt with the expiration. One thing you can look for is 00015180. This is a very common form of dealing with date-type time, because 60s x 60m x 24hr = 86400 == 00015180(h) == 1 day. Who knows what you will find. It is important to spend some time looking around in those .dlls I mentioned earlier because they have important references to certain functions. Do a search for key words that deal with lic, license, date, expir. Also be sure to check out the string references. I set breakpoints inside w32dasm on certain functions looking to catch important areas. I certainly found them also. Your most important breakpoints will be in the little .exe itself, though. Try some

They are only in numeric order. This way you'll get to see the flow of the prog. You can use your own, of course. I might as well tell you that I'm not going to solve this puzzle for you. But, I will put you where you need to be to do that. I believe it would be interesting for you to look at this jump:

611080E7 FF2495A4811061 jmp dword ptr [4*edx+611081A4]

Jumps like these typically indicate switch statements and if you look below that section at 611081A4 you will indeed see a whole list of these switches. Which one to follow? Well, don't get too hung up on changing anything right off the bat. Take your time to let the program walk you through all of this section. What you will find depends on two things: one is if you have any real time left on your license (we had thirty days to eval this baby), and two, if there is no time left. The change occurs on your sixth time through the process (eax = 6): when you have no more time left, the prog takes a different path to get you to an error message. So logically, you must think that somewhere after eax has been set to six and down inside one of the .dlls probably (you can check some likely references as I pointed out earlier), you may run across where the path diverges that takes you to that nasty message and the need to re-register our worn time limit. If you are successful, as I have been, you will never need one of their lame keys again, and probably never again for any of their stuff, unless, of course, they change it radically. Ah, such is life. Enjoy this great challenge friends. One last detail, if you're running win2k it may be hard to follow the flow because you will be shut out if you try to walk through the prog. You may have to use softice. FYI. I will give one other awesome piece of info. If you inadvertently force a wrong jump, you will indeed get the prog to open and look like it will run properly, but it won't. The program won't see the cd-r or cd-rw you have on your system. It won't see any devices to record with at all. Another FYI.
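How the seven bytes of that jump encode a switch dispatch, as an added example that is not part of the original tutorial: the decoder below handles only this one form, `jmp dword ptr [scale*index + disp32]`, and recovers the table address 611081A4 from the bytes listed above. The names `jump_table_ref`, `decode_table_jump` and `table_slot` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    int      index_reg;   /* 0=eax 1=ecx 2=edx 3=ebx 5=ebp 6=esi 7=edi */
    int      scale;       /* 1, 2, 4 or 8 */
    uint32_t table;       /* absolute address of the jump table */
} jump_table_ref;

/* Decode `jmp dword ptr [scale*index + disp32]` (FF /4, SIB with no base).
 * Returns 1 and fills *out on a match, 0 for any other encoding. */
int decode_table_jump(const uint8_t *p, size_t len, jump_table_ref *out)
{
    if (len < 7 || p[0] != 0xFF)
        return 0;
    uint8_t modrm = p[1], sib = p[2];
    if ((modrm >> 6) != 0 || ((modrm >> 3) & 7) != 4 || (modrm & 7) != 4)
        return 0;                       /* need mod=00, /4 (jmp), rm=100 (SIB) */
    if ((sib & 7) != 5)
        return 0;                       /* base=101 with mod=00: disp32, no base */
    int index = (sib >> 3) & 7;
    if (index == 4)
        return 0;                       /* index=100 means no index register */
    out->index_reg = index;
    out->scale = 1 << (sib >> 6);
    out->table = (uint32_t)p[3] | (uint32_t)p[4] << 8 |
                 (uint32_t)p[5] << 16 | (uint32_t)p[6] << 24;  /* little-endian */
    return 1;
}

/* Address of the table slot that holds the target for a given case index. */
uint32_t table_slot(const jump_table_ref *r, uint32_t case_index)
{
    return r->table + (uint32_t)r->scale * case_index;
}

int main(void)
{
    /* Bytes of the instruction at 611080E7 as listed in the tutorial. */
    const uint8_t insn[] = { 0xFF, 0x24, 0x95, 0xA4, 0x81, 0x10, 0x61 };
    static const char *regs[] = { "eax", "ecx", "edx", "ebx", "-", "ebp", "esi", "edi" };
    jump_table_ref r;
    if (decode_table_jump(insn, sizeof insn, &r))
        printf("jmp dword ptr [%d*%s+%08X]\n",
               r.scale, regs[r.index_reg], (unsigned)r.table);
    return 0;
}
```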


Final Notes

 This was a fun lesson, and certainly having to look to figure things out.  Also, I really don't like
this program because of some other inherent limitations in it, but this is an exercise. You don't have
to like or even use this stuff to learn from it. I'm sure I don't really use or need 80% of the stuff
I work on, but I do. Until later.
Also this request is from one of my readers. To try to let you know what I may work on next. I usually 
don't know. Things just come in haphazardly. Anyway, I've got practically all of the Veritas line to 
show you including the new BackExec Pro 4.5 (and the disaster recovery does work), Network Backup 8.5 
(8.6 should be about the same), a couple of very expensive progs for science and research, including
CAChe Medicinal Chemist and Array Vision (done with softice). So stay tuned folks. It should be fun.

If you have any questions please feel free to contact me at jomamameister@yahoo.com

Oh Duh
I won't even bother explaining to you that you should BUY this target program if you intend to use it for a longer period than the allowed one.